Current Series Release Notes

The keystone-manage bootstrap command can now be used to update
existing endpoints idempotently, which is useful in conjunction with
configuration management tools that use this command for both
initialization and lifecycle management of keystone.

Allow a domain to be created with the additional, optional
parameter explicit_domain_id instead of auto-creating a
domain_id from a UUID.

When keeping two Keystone servers in sync while avoiding database
replication, it was often necessary to hack the database to update
the domain ID so that entries match. The domain ID is then used for
LDAP mapped IDs, and if the domain IDs don't match, the user IDs are
different. It should be possible to add a domain with an explicit
ID, so that the two servers can match user IDs.
The reason that the variable name is not simply domain_id is
twofold: first, to keep people from thinking that this is a required,
or at least suggested, field; second, to prevent copy errors when
creating a new domain, where the domain_id would be copied in from
the old one, leading to spurious failures or undesired domain_id
matching.

The keystone-manage bootstrap command will now update existing
endpoints rather than skipping them if they already exist but are different
from the values provided to the command. This is useful in conjunction with
configuration management tools that use this command for both
initialization and lifecycle management of keystone.

A federated user gets an entry in the shadow-users table. This
entry has a unique ID, which was previously generated using a UUID.
This fix reuses the mechanism for LDAP, where the ID is generated
from the domain ID + the local ID of the user (an attribute that
uniquely identifies the user from the IdP). This generator is
specified by the configuration file. Now both LDAP and federated IDs
are generated the same way. It also means that federated IDs can be
kept in sync between two independent Keystone servers.
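
The following added example (not Keystone's own code) illustrates why
the explicit domain ID and the deterministic federated ID notes above
work together: an ID derived from the domain ID + local ID only matches
across servers when the domain IDs match. The SHA-256 construction, the
mapping fields and the helper names are assumptions for illustration.

```python
import hashlib
import uuid


def generate_public_id(domain_id, local_id, entity_type="user"):
    """Derive a stable public ID by hashing the mapping values in key order.

    Assumption: a SHA-256 generator over domain_id, entity_type and local_id.
    """
    mapping = {"domain_id": domain_id, "local_id": local_id,
               "entity_type": entity_type}
    digest = hashlib.sha256()
    for key in sorted(mapping):
        digest.update(mapping[key].encode("utf-8"))
    return digest.hexdigest()


def mismatched_users(domain_a, domain_b, local_ids):
    """Return the local IDs whose public IDs differ between two servers."""
    return [lid for lid in local_ids
            if generate_public_id(domain_a, lid)
            != generate_public_id(domain_b, lid)]


# Constructed sample data: local IDs as an IdP or LDAP directory might
# supply them.
LOCAL_IDS = ["alice@example.org", "bob@example.org"]

# Server A created its domain first and received an auto-generated ID.
SERVER_A_DOMAIN = uuid.uuid4().hex
# Server B with an auto-generated domain ID: a different UUID, so every
# derived user ID diverges from server A.
SERVER_B_AUTO = uuid.uuid4().hex
# Server B with the domain created using explicit_domain_id set to
# server A's domain ID.
SERVER_B_EXPLICIT = SERVER_A_DOMAIN

if __name__ == "__main__":
    print("auto-generated domain IDs, mismatched users:",
          mismatched_users(SERVER_A_DOMAIN, SERVER_B_AUTO, LOCAL_IDS))
    print("explicit domain ID, mismatched users:",
          mismatched_users(SERVER_A_DOMAIN, SERVER_B_EXPLICIT, LOCAL_IDS))
```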

[bug 1779889]
Adds documentation about service tokens and configuring services to use
service tokens for long running operations.